Перейти к содержанию
Авторизация  
Vlad2

TrainMe CE Protect

Рекомендуемые сообщения

Vlad2 что хоть за кодировка, у тебя. 

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты

Какой программой можно оперативную помять анализировать, что бы посмотреть, что грузится, или выгружается.

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты
33 минуты назад, Submarinа сказал:

Какой программой можно оперативную помять анализировать, что бы посмотреть, что грузится, или выгружается.

x32_dbg и x64_dbg

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты

А зачем вообще его расшифровывать(второй трейнер)? Его же просто можно вызвать, а там посмотреть какие байты были изменены.

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты
58 минут назад, partoftheworlD сказал:

А зачем вообще его расшифровывать(второй трейнер)? Его же просто можно вызвать, а там посмотреть какие байты были изменены.

large

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты
10 час назад, partoftheworlD сказал:

А зачем вообще его расшифровывать(второй трейнер)? Его же просто можно вызвать, а там посмотреть какие байты были изменены.

Затем, что в данной теме поставленна задача распаковать, а не посмотреть, что он пишет

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты
В 25.11.2016 в 17:21, Гость сказал:

 

Действительно. А как это дело расшифровать?

 

  Показать контент

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
cba=decodeFunction('c-oa(TaV,]k*}$YJ!5+D(1MV)xgbjzMs?}C4?BzH)l]T%lE]j)bc-l.kNwi1$kP)tB#%H,eesiwAa=d*H]!#d].?mJPx%o(Mq:dl7xqu:AMjSyAtm*pd$DQEbl2sas[*dPQ;.UNx4U#};D#{4OZko;-/R+-zdVvQKaVaN1+rhU7x,usN#NIRqaj)VhIDX!Eqw}gmoUVWR*zOgl5{5@R:ZL_dayF2Pp:EodyQ3rc(Q1rRM;4aVQy3UskD.bTdfKK+t[3Y^mhbDAd$e/UCDzv*:KbSUN.3VwIy%0!m+!Qt2X%lgY=.T3uICOWIwkWZK+H*Q6d]kjX#q9/!VRTHE@zUhvr[J)t-4*(@30Y-(^*t4^%wqrq5tapI/i$UxKb,;]MPFeOf3O1=ji2HV?a/kX9C}rMr3wc6T#ez*N39WCJY!6fkF*^=%F=fFCR8_IGsW1L.q^puej;^SyCvCUt.b^kxF.]By@r0m@:DH4fnKU.cysUjOA6g8$$?;2Kq(zZCpme{#WP0}9dlzi_FR/8QE+uE2EN6(MI#Px@fWV%q2t[8(lmtAJO(b1L6,l7z+neAnml4qvcHe(DfFKVr#}VCl$rF67.d+iYHpU.WQJA}W^),G4.^McLbP:gd8u?:G.Ios[BBT+aMEB2qE$SrNEaMr%MH#Lg9vx]Ok0*Z?#9nddA?*#*-#d6XM?s*W-nJ59krI34-3c=#3RY0vk)fWh:_YF=)XqdhC-r2ec-Mne^IHF0Ae1XCwogG!P/j}JLsl0zQ+pYSMk0/f7RM-T$v1x5#@$/sO5OcG/6?}wg8Otc/c$pkc@3ZAFAgK1+;)F^.)M1I1YDM6klZQlv[49riHG3UXtA9=%(Op9Te2rSb(64!}.@lAaIP#;K-Nve]0Wa+rH$z$a-3Hv-X0*G{!oPp074Vf-XY5OxjO*%Pfdof:_9sm/Il^g*tfTqSNMv#Rp(O^oB#[:,8VOu;hot+PU;hlPK$tTfS#4n.FCs/NYxq0chsbC=foTw(CFBpq3u*OKdW-K1hoe0Cr=a(E:jEC6rPUObSNth;0R9,J]uOP_@Z=hZY[FoghxEcssV0Z?D;x9,KIIT#b[1JVdQ[r2*$E]@})gX]/3,[W6W(wVxOc!A%N:vw-i=EGTMr]IMDT^Gu7omCSGKxo+(099om^v/hAhyh1rj!_r*NoyvBxE2x#/L{(JKfB6A;sUJ$u;Y-egb:eM}R/,]vr^Rc$fso(jAn[X$3rChKrE0O=DlTlkWp^:zFj:NLeuhw?CH.$PXd*o_WE50{kd-h:*.3cY-XXonXut.L-@o-BTWdKPRB$Spq@F(oWT0z:zqG!FUdn#F.?:prp=%hUu^rN05bhu2VCPIR-OKJJBhRLnn*7n6]Ly;gR(eE#_Unky*L7$P%g*eNJU!?SI9S%ZXeTP;C=6JVuOAOjsIU0mN_HnMFKikXE1$0;}wtKjui,giXQJfjMNs0?DYKVw9h0nsN*Om=g@}#o]rX/kV+;gg%T1(w/KBKU4u:ERbzW0dGtow{pT[CcN81SVSzKZ%bi8F)BR,RSCwnWFMUbH}iLU5G^0DTo;kElVb;CEG.C:N6=^KE(=A5hRUL4r}tbLSws#qe{U69/Y=:G5l81JJBrzUo}O,#Ixy$yF@^nvou{.!q.#NuLR1N.tj=BE(6ikZD:3B22MJaMauWG2[gE(]SNHY=QE.WgGsjb;SE;W]d$xov%sd)}Je@=gf%78:vZM_q7I[1nlOfoTao@9:As$p?@slw3I+_vD#dzta%b1qbS_*gMGz5MCg=54UsEn)B(aPC1nJ7okPrA+=cs%G,oPZszSsmGy)Qlbu.7Z8#+2+%nF9fRrU*kby.H$[tjTR/i4e7Db1hP(xyQVQhf8:3gjwd5;PcH1kjx_P)EVKsw?o0elwS59$[9w]Y$*Pc@P2[{CW7ruRI8-kpZ]vS1wN5kbq0vIFL^5jJ(Hy2l$Y/Ytfi6q5D6]+2nih08:,PX*)lrTKiOfxgND[:u:irbO1fxATruYyB,w7Vx*Rnc(Yo9p6V7?S0lQG(ai/S3^p=x??0feN{x6Ki.1f}tf#BhRhXm${pncx)WA}d*eWkQ16P$3v4qzFM7De[*Hiu[iQB8U4)k+@w3/fe]k]7m%;NsBvK75jq{X*$P3LVysfgunu7pAZ{%MF/X(A[N[z2+C$P5dut=ee!]DxlcZNNRbZ:;@{JzAVoef1}u}W6Qo2ABSk*Jq^s*xu_[@HfokOA2r2S$j1;8JffV]p5GnHU5oRv::pJ[vL_wSa81iHchv:+;5@B.L8g1N@dUeC(+3_bmJZ?0Ew(8J];h%qeo23/t8$pEx,D1=%fxZ#!lVA%(jRfV5piTl;es9tpcZS@$NkTY^cAFS,V$7j2GRAaHv=AfOC)ZH5pp4dvBHhhar$=tw),Fw1bJS[msniIlr4daSEuCnBXO*O1WEQPdBTyDCQk.H@*,bKBMN1P0-:bBCV^g%d#F4kOA}Bg]?}jKb8oAbmYmI#C!na1wb;Uni?4E1:k$X]-ERFo?!oNlUbOAsk1SNq$Cj:#dKqmyHZ0(=V6dX$?1ft,rIw24h2R5lYpsJ}fB4D=m^!x5I73gjXq^zsv5=Lir-MmOv$-rncL1gXr1VS?fPpF8Cz=:m@*/mkwoL[A2NcQo]q1ayNGl1zCFFL*;M@q$+pwrI/RTA[Eqbxs(9ho+^6sqgQL(3wdS6MS^):s40DZ_#n,*aD!hoqS:l/M2k^s3}cbA);?+YZBruiAzcV,;JIx5OK]7;l8Q$pX/TDvQ%LJNI4DU?T6xsV{.V#c5fPI+;I%mT+8t({F2ng029qXTz(Nmvlkz11%od@uPqqZ9j4HE(#3$aMPe;Me*wlywyY6?Vpow_J3H3iwluxbI3%),!P:6%ExKTq0XuZBwSE9,_97rbpo3DF=PUP5+.KxxY$xBNd0hr7qPFxDG$1wpDh/=a[YEeN*p)qL#/;HI,XF8sc:cS!fQGR]Kjut2}AT2n*gI*vQuo.QhvrF^{XDv!3f,h.Rb_(zzQ0NCg*/#A^AmZcM@39mpe#CKoLSddLaJiM2(a}[UG*/?tEtwHBaT)Atls/^U4rs,+/__tN*+}6jtRf/Cv}1XifEV:OLMjoRA6AlZ3[M%y:SP7^tGONz09uEPTTH,GP3fHks^$AJJ,A7r=fHVaxG?C3Vl0,s#H=buqav:1xk{XZ_@8MVuiPin4(KaYAnd#1R4Z*PehnI3,nZ/O#K}bY5}HzK[VHaCEp0H+6NQ7/Rql1fl7)lrPpYI7z)c[;l#Nb1j4.#RnG:i+HEx6}#$nxKR:.AjPGUU.)!trz3}AOrXUC6wqx]NW=rvIZrxpfXLc.LT=r[9-8%{;nEZZoF@l:Eyto9DBWWN,S%?4@xUK.E)wh8?X!#*@#DrialdVKM*sI2XM)Olyq5D;v#RI)aAY2lhm40BW^xOkAZQ)Sx?{QkfiwF=vun18gCVuAP?v(%H6QaCTx#$de:e?S#oMHC;Eajp8xp,pe$9}l/p_z}/9ViJcqNYKZRX?W-YMrcOY@rcz}#n.s46CGi)ngj18DipBeOrYPI=2V?bvSncv(n$U$m^oZk;AZOsl]9g(3@omTzdOqZf?lX:_?+X*/Y^=YV*f)^4kIVKQm.,q5^DwB=*H7Xol?x%P?y0M4{77.bBi4@6nI/:WaS,QYRPv?rFi*?a(.E=z{YTSG0;].:W]ol{zqWA0pi+IqE@;_J%=#7;wf[Ru:X9?TGPvLbKTANE[oJ%aN6.}(G5.4z7ZlhJ_MG%a{S,e6cMz8RrqBRckp*#+ZZ[RNh@-zZ:7x+K[EBkvE!H,ALQr8%-Y[AAOtrtEizCj/nLZR4%xlZ{yWp4f1m-01di;g.X1wHrEPG9I,yp4Jj@Q7(Q_Dxwq6d)Vq[=1zjm?!j%8Y*s,K(Leu@c?c_uQzd!V#rHk)1I,xC.rLkInY1lk-m(L=Dt^_Q)MiJaQORQH3=6#fXB7DxLdPR9O(%@]^EVfoIoL9z89WZ!KFGT*lJAMaEz9uWdZ@=U/YYO0n17a$?A5;x7egCx(g5@l%/,j4yK_]ePdq1.3-S)DS?{)Yl/3^AGi5.zUNH9#8CKAT-@.D.9^XN8fB3VUf6)OcoQv*BDq!,k,pntS]z=pwc+?[hTBVa[TTNpq]B1EXsL5{?gM:Cu]J1mi9poJ;.tzK,2M[.Yy+eoA58a(mN4ziWsgo%1L*8gGE/YGL[.[#efXDK#/pi*1Z$hL85xs/y?6,D2Oj+H{?C18f]7N;5L!O=oEBT)dhR_m$:==z-9O!:]^tg1d(s6ss4arzZ@r.FzkKBDV+6)1f.ilDrQvL+JK@3H1e_]t?m,-$J-F,8W^8n[)xRwr9+YqvxpRTW@=;FwQ*@h2k@eKKz!+4a([cQU]rU}+pnVi0dN#B:X-i/L@Hm.?3yz86ua8VCvt3=VxqC}0u24+6L786XREqEizMPIG60ly0kV})$[/=o%krIRT%jnL(fGaj9IB}Q}%rcc-/q;8ikrtIyn3R!(MY0TY6mzS46QuRvpvEuM4eoJ[SJNzTH*;O,H,%42vMQs).^fb(NZ.sJnUQ:yV*k.w^Yiiw8E%.{[zsE_PHNm2DqT#m,@}XwpD{NNTbQwo.7PH3,KzgcpQ=.TaiVC18tF/}2MYUqQ0!^fiT(SDr3Yn$)@(-BFK;jHW0:vp*.8S?A8o/Tdo*]e+U$MI{M9Wk;wvO0iWf_SN#9PJs/FCoct*Kq_fW3?l') cba()
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

 

 

Друг сделал программу-дешифратор для encodeFunction в СЕ. Вот её возможности.

После расшифровки скрипта который выше

Спойлер

local L0_0
L0_0 = assert
L0_0 = L0_0(io.open("defines.lua", "w"))
f = L0_0
L0_0 = f
L0_0 = L0_0.write
L0_0(L0_0, [[
--Defines:

--checkbox state defines
cbUnchecked=0
cbChecked=1
cbGrayed=2


--onMouseEvent button defines:
mbLeft=0
mbRight=1
mbMiddle=2
mbExtra1=3
mbExtra2=4


--memo scrollbar defines
ssNone=0
ssHorizontal=1
ssVertical=2
ssBoth=3
ssAutoHorizontal=4
ssAutoVertical=5
ssAutoBoth=6


bsNone=0
bsSingle=1
bsSizeable=2
bsDialog=3
bsToolWindow=4
bsSizeToolWin=5

 

--scan types: (fast scan methods)
fsmNotAligned=0
fsmAligned=1
fsmLastDigits=2

--rounding types
rtRounded=0
rtExtremerounded=1
rtTruncated=2

--scan options
soUnknownValue=0
soExactValue=1
soValueBetween=2
soBiggerThan=3
soSmallerThan=4
soIncreasedValue=5
soIncreasedValueBy=6
soDecreasedValue=7
soDecreasedValueBy=8
soChanged=9
soUnchanged=10


--debug variables
--Breakpoint methods:
bpmInt3=0
bpmDebugRegister=1
bpmException=2


--Breakpoint triggers:
bptExecute=0
bptAccess=1
bptWrite=2

--breakpoint continue methods:
co_run=0
co_stepinto=1
co_stepover=2

--CloseAction types
caNone=0;
caHide=1;
caFree=2;
caMinimize=3;

--alignment types
alNone=0
alTop=1
alBottom=2
alLeft=3
alRight=4
alClient=5

--message dialog types
mtWarning=0
mtError=1
mtInformation=2
mtConfirmation=3

--message dialog button types
mbYes=0
mbNo=1
mbOK=2
mbCancel=3
mbAbort=4
mbRetry=5
mbIgnore=6
mbAll=7
mbNoToAll=8
mbYesToAll=9
mbHelp=10
mbClose=11


--message dialog results:
mrNone = 0;
mrOK = mrNone + 1
mrCancel = mrNone + 2
mrAbort = mrNone + 3
mrRetry = mrNone + 4
mrIgnore = mrNone + 5
mrYes = mrNone + 6
mrNo = mrNone + 7
mrAll = mrNone + 8
mrNoToAll = mrNone + 9
mrYesToAll = mrNone + 10
mrLast = mrYesToAll

--duplicate enum
dupIgnore = 0
dupAccept = 1
dupError = 2


--Variable types
vtByte=0
vtWord=1
vtDword=2
vtQword=3
vtSingle=4
vtDouble=5
vtString=6
vtUnicodeString=7 --Only used by autoguess
vtByteArray=8
vtBinary=9
vtAutoAssembler=11
vtPointer=12 --Only used by autoguess and structures
vtCustom=13
vtGrouped=14

--Key codes
VK_LBUTTON = 1
VK_RBUTTON = 2
VK_CANCEL = 3
VK_MBUTTON = 4
VK_XBUTTON1 = 5
VK_XBUTTON2 = 6
VK_BACK = 8
VK_TAB = 9
VK_CLEAR = 12
VK_RETURN = 13
VK_SHIFT = 16
VK_CONTROL = 17
VK_MENU = 18
VK_PAUSE = 19
VK_CAPITAL = 20
VK_ESCAPE = 27
VK_SPACE = 32
VK_PRIOR = 33
VK_NEXT = 34
VK_END = 35
VK_HOME = 36
VK_LEFT = 37
VK_UP = 38
VK_RIGHT = 39
VK_DOWN = 40
VK_SELECT = 41
VK_PRINT = 42
VK_EXECUTE = 43
VK_SNAPSHOT = 44
VK_INSERT = 45
VK_DELETE = 46
VK_HELP = 47
VK_0 = 48
VK_1 = 49
VK_2 = 50
VK_3 = 51
VK_4 = 52
VK_5 = 53
VK_6 = 54
VK_7 = 55
VK_8 = 56
VK_9 = 57
VK_A = 65
VK_B = 66
VK_C = 67
VK_D = 68
VK_E = 69
VK_F = 70
VK_G = 71
VK_H = 72
VK_I = 73
VK_J = 74
VK_K = 75
VK_L = 76
VK_M = 77
VK_N = 78
VK_O = 79
VK_P = 80
VK_Q = 81
VK_R = 82
VK_S = 83
VK_T = 84
VK_U = 85
VK_V = 86
VK_W = 87
VK_X = 88
VK_Y = 89
VK_Z = 90
VK_LWIN = 91
VK_RWIN = 92
VK_APPS = 93
VK_NUMPAD0 = 96
VK_NUMPAD1 = 97
VK_NUMPAD2 = 98
VK_NUMPAD3 = 99
VK_NUMPAD4 = 100
VK_NUMPAD5 = 101
VK_NUMPAD6 = 102
VK_NUMPAD7 = 103
VK_NUMPAD8 = 104
VK_NUMPAD9 = 105
VK_MULTIPLY = 106
VK_ADD = 107
VK_SEPARATOR = 108
VK_SUBTRACT = 109
VK_DECIMAL = 110
VK_DIVIDE = 111
VK_F1 = 112
VK_F2 = 113
VK_F3 = 114
VK_F4 = 115
VK_F5 = 116
VK_F6 = 117
VK_F7 = 118
VK_F8 = 119
VK_F9 = 120
VK_F10 = 121
VK_F11 = 122
VK_F12 = 123
VK_F13 = 124
VK_F14 = 125
VK_F15 = 126
VK_F16 = 127
VK_F17 = 128
VK_F18 = 129
VK_F19 = 130
VK_F20 = 131
VK_F21 = 132
VK_F22 = 133
VK_F23 = 134
VK_F24 = 135
VK_NUMLOCK = 144
VK_SCROLL = 145
VK_LSHIFT = 160
VK_LCONTROL = 162
VK_LMENU = 164
VK_RSHIFT = 161
VK_RCONTROL = 163
VK_RMENU = 165


--shellExecute show defines:
SW_HIDE = 0;
SW_MAXIMIZE = 3;
SW_MINIMIZE = 6;
SW_NORMAL = 1;
SW_RESTORE = 9;
SW_SHOW = 5;
SW_SHOWDEFAULT = 10;
SW_SHOWMAXIMIZED = 3;
SW_SHOWMINIMIZED = 2;
SW_SHOWMINNOACTIVE = 7;
SW_SHOWNA = 8;
SW_SHOWNOACTIVATE = 4;
SW_SHOWNORMAL = 1;


--Pixelformat
pfDevice = 0
pf1bit = 1
pf4bit = 2
pf8bit = 3
pf15bit = 4
pf16bit = 5
pf24bit = 6
pf32bit = 7
pfCustom = 8

--Disassembler value type
dvtNone = 0
dvtAddress = 1
dvtValue = 2

--Dissectcode
jtCall = 0
jtUnconditional = 1
jtConditional = 2
jtMemory = 3

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

poDesigned = 0
poDefault = 1
poDefaultPosOnly = 2
poDefaultSizeOnly = 3
poScreenCenter = 4
poDesktopCenter = 5
poMainFormCenter = 6
poOwnerFormCenter = 7

asrTop = 0
asrBottom = 1
asrCenter = 2
asrLeft = asrTop
asrRight = asrBottom

vsIcon = 0
vsSmallIcon = 1
vsList = 2
vsReport = 3

LWA_COLORKEY = 1
LWA_ALPHA = 2

GW_HWNDFIRST = 0
GW_HWNDLAST = 1
GW_HWNDNEXT = 2
GW_HWNDPREV = 3
GW_HWNDOWNER = 4
GW_CHILD = 5;
GW_ENABLEDPOPUP = 6;

mrhToggleActivation=0
mrhToggleActivationAllowIncrease=1
mrhToggleActivationAllowDecrease=2
mrhActivate=3
mrhDeactivate=4
mrhSetValue=5
mrhIncreaseValue=6
mrhDecreaseValue=7

MOUSEEVENTF_MOVE      =0x0001
MOUSEEVENTF_LEFTDOWN  =0x0002
MOUSEEVENTF_LEFTUP    =0x0004
MOUSEEVENTF_RIGHTDOWN =0x0008
MOUSEEVENTF_RIGHTUP   =0x0010
MOUSEEVENTF_MIDDLEDOWN=0x0020
MOUSEEVENTF_MIDDLEUP  =0x0040
MOUSEEVENTF_XDOWN     =0x0080
MOUSEEVENTF_XUP       =0x0100
MOUSEEVENTF_WHEEL     =0x0800
MOUSEEVENTF_HWHEEL    =0x1000
MOUSEEVENTF_ABSOLUTE  =0x8000

--text to speech "Speak" params
SPF_DEFAULT    = 0
SPF_ASYNC    = ( 1 << 0 )
SPF_PURGEBEFORESPEAK    = ( 1 << 1 )
SPF_IS_FILENAME    = ( 1 << 2 )
SPF_IS_XML    = ( 1 << 3 )
SPF_IS_NOT_XML    = ( 1 << 4 )
SPF_PERSIST_XML    = ( 1 << 5 )
SPF_NLP_SPEAK_PUNC    = ( 1 << 6 )
SPF_PARSE_SAPI    = ( 1 << 7 )
SPF_PARSE_SSML    = ( 1 << 8 )
SPF_PARSE_AUTODETECT    = 0

wrSignaled=0
wrTimeout=1
wrAbandoned=2
wrError=3]])
L0_0 = f
L0_0 = L0_0.close
L0_0(L0_0)
L0_0 = createTimer
L0_0 = L0_0(UDF2, true)
function Shit()
  os.remove("CET_TRAINER.CETRAINER")
end
timer_setInterval(L0_0, 100)
timer_onTimer(L0_0, Shit)
Put = getCheatEngineDir()
Len = string.len(Put)
Len = Len - 10
Put = string.sub(Put, 0, Len)
os.remove(Put .. "CET_Archive.dat")
f = assert(io.open(Put .. "CET_Archive.dat", "w"))
f:write("")
f:close()
Form = createForm(false)
Label = createLabel(Form)
Form.Height = 28
Form.Width = 133
Form.BorderStyle = bsToolWindow
Form.Caption = "FC3_BD trainer +1"
Form.Position = poDesktopCenter
Label.Left = 5
Label.Height = 15
Label.Top = 5
Label.Width = 99
Label.Caption = "F10 - Unlim ammo"
Label.ParentColor = False
Form.setOnClose(closeCE)
form_show(Form)
createHotkey(function(A0_1)
  if Label.Font.getColor() == 536870912 then
    Label.Font.setColor(255)
    openProcess("fc3_blooddragon_d3d11_b.exe")
    autoAssemble([[
alloc(xxx, 256)
aobscan(ammo, 8B 41 10 85 C0 75 0E)
aobscan(ammo2, 2B C6 50 E8 9E FE FF FF)
registersymbol(ammo)
registersymbol(ammo2)
label(returnhere)
xxx:
db 52 8B 51 14 89 51 10 5A 8B 41 10 85 C0
jmp returnhere
ammo2:
db 90 90
ammo:
jmp xxx
returnhere:]])
    beep()
  else
    openProcess("fc3_blooddragon_d3d11_b.exe")
    Label.Font.setColor(536870912)
    autoAssemble([[
ammo:
db 8B 41 10 85 C0
ammo2:
db 2B C6
dealloc(xxx)
unregistersymbol(ammo)
unregistersymbol(ammo2)]])
    beep()
  end
end, VK_F10)

 

 

 

В 25.11.2016 в 23:29, gmz сказал:

дааа уже круче. в памяти так просто не найдешь :D

но легко после дешифро:

  Скрыть контент


LuaS “

xV           (w@    І    z   @@ FЂ@ GАА Ѓ  Б@ d Ђ$Ђ    Ђ @ ЂA ЃА $@Ђ @  B $@ @B FЂB ѓ Ђ $ЂЂl   @Ђ…F C Ђ   Б@ d@ЂFЂC Ђ   ЖАB d@ЂF D dЂЂ @Ђ‡FЂD GАД †АC dЂ @Ђ€F@D N Е @Ђ€FЂD G@Е †АC БЂ AD dЂ @Ђ‡FАE G Ж †АC Б@ ќА d@ F@@ †Ђ@ ‡А@ЖАC A Э ЃA ¤ ЂdЂ  @ ЂF @ LЂБ БЂ d@ЂF @ L В d@ F G ѓ   dЂ @ЂЌFЂG †АF dЂ @ЂЋFАF J ИЏFАF JЂИђFАF † I JЂЂ‘FАF JЂЙ’FАF † J JЂЂ“FЂJ ЃА
 dЂ @Ђ”F@G J@K–F@G JЂЛЏF@G J@Л—F@G J МђF@G J@М’F@G †АL JЂ ™FАF G Н †@M d@ FЂM Ѓ@ d@ FАM †АF d@ F N ¬@  Ж@N d@Ђ& Ђ :   fassertioopendefines.luawwriteят      --Defines:

--checkbox state defines
cbUnchecked=0
cbChecked=1
cbGrayed=2


--onMouseEvent button defines:
mbLeft=0
mbRight=1
mbMiddle=2
mbExtra1=3
mbExtra2=4


--memo scrollbar defines
ssNone=0
ssHorizontal=1
ssVertical=2
ssBoth=3
ssAutoHorizontal=4
ssAutoVertical=5
ssAutoBoth=6


bsNone=0
bsSingle=1
bsSizeable=2
bsDialog=3
bsToolWindow=4
bsSizeToolWin=5



--scan types: (fast scan methods)
fsmNotAligned=0
fsmAligned=1
fsmLastDigits=2

--rounding types
rtRounded=0
rtExtremerounded=1
rtTruncated=2

--scan options
soUnknownValue=0
soExactValue=1
soValueBetween=2
soBiggerThan=3
soSmallerThan=4
soIncreasedValue=5
soIncreasedValueBy=6
soDecreasedValue=7
soDecreasedValueBy=8
soChanged=9
soUnchanged=10


--debug variables
--Breakpoint methods:
bpmInt3=0
bpmDebugRegister=1
bpmException=2


--Breakpoint triggers:
bptExecute=0
bptAccess=1
bptWrite=2

--breakpoint continue methods:
co_run=0
co_stepinto=1
co_stepover=2

--CloseAction types
caNone=0;
caHide=1;
caFree=2;
caMinimize=3;

--alignment types
alNone=0
alTop=1
alBottom=2
alLeft=3
alRight=4
alClient=5

--message dialog types
mtWarning=0
mtError=1
mtInformation=2
mtConfirmation=3

--message dialog button types
mbYes=0
mbNo=1
mbOK=2
mbCancel=3
mbAbort=4
mbRetry=5
mbIgnore=6
mbAll=7
mbNoToAll=8
mbYesToAll=9
mbHelp=10
mbClose=11


--message dialog results:
mrNone = 0;
mrOK = mrNone + 1
mrCancel = mrNone + 2
mrAbort = mrNone + 3
mrRetry = mrNone + 4
mrIgnore = mrNone + 5
mrYes = mrNone + 6
mrNo = mrNone + 7
mrAll = mrNone + 8
mrNoToAll = mrNone + 9
mrYesToAll = mrNone + 10
mrLast = mrYesToAll

--duplicate enum
dupIgnore = 0
dupAccept = 1
dupError = 2


--Variable types
vtByte=0
vtWord=1
vtDword=2
vtQword=3
vtSingle=4
vtDouble=5
vtString=6
vtUnicodeString=7 --Only used by autoguess
vtByteArray=8
vtBinary=9
vtAutoAssembler=11
vtPointer=12 --Only used by autoguess and structures
vtCustom=13
vtGrouped=14

--Key codes
VK_LBUTTON = 1
VK_RBUTTON = 2
VK_CANCEL = 3
VK_MBUTTON = 4
VK_XBUTTON1 = 5
VK_XBUTTON2 = 6
VK_BACK = 8
VK_TAB = 9
VK_CLEAR = 12
VK_RETURN = 13
VK_SHIFT = 16
VK_CONTROL = 17
VK_MENU = 18
VK_PAUSE = 19
VK_CAPITAL = 20
VK_ESCAPE = 27
VK_SPACE = 32
VK_PRIOR = 33
VK_NEXT = 34
VK_END = 35
VK_HOME = 36
VK_LEFT = 37
VK_UP = 38
VK_RIGHT = 39
VK_DOWN = 40
VK_SELECT = 41
VK_PRINT = 42
VK_EXECUTE = 43
VK_SNAPSHOT = 44
VK_INSERT = 45
VK_DELETE = 46
VK_HELP = 47
VK_0 = 48
VK_1 = 49
VK_2 = 50
VK_3 = 51
VK_4 = 52
VK_5 = 53
VK_6 = 54
VK_7 = 55
VK_8 = 56
VK_9 = 57
VK_A = 65
VK_B = 66
VK_C = 67
VK_D = 68
VK_E = 69
VK_F = 70
VK_G = 71
VK_H = 72
VK_I = 73
VK_J = 74
VK_K = 75
VK_L = 76
VK_M = 77
VK_N = 78
VK_O = 79
VK_P = 80
VK_Q = 81
VK_R = 82
VK_S = 83
VK_T = 84
VK_U = 85
VK_V = 86
VK_W = 87
VK_X = 88
VK_Y = 89
VK_Z = 90
VK_LWIN = 91
VK_RWIN = 92
VK_APPS = 93
VK_NUMPAD0 = 96
VK_NUMPAD1 = 97
VK_NUMPAD2 = 98
VK_NUMPAD3 = 99
VK_NUMPAD4 = 100
VK_NUMPAD5 = 101
VK_NUMPAD6 = 102
VK_NUMPAD7 = 103
VK_NUMPAD8 = 104
VK_NUMPAD9 = 105
VK_MULTIPLY = 106
VK_ADD = 107
VK_SEPARATOR = 108
VK_SUBTRACT = 109
VK_DECIMAL = 110
VK_DIVIDE = 111
VK_F1 = 112
VK_F2 = 113
VK_F3 = 114
VK_F4 = 115
VK_F5 = 116
VK_F6 = 117
VK_F7 = 118
VK_F8 = 119
VK_F9 = 120
VK_F10 = 121
VK_F11 = 122
VK_F12 = 123
VK_F13 = 124
VK_F14 = 125
VK_F15 = 126
VK_F16 = 127
VK_F17 = 128
VK_F18 = 129
VK_F19 = 130
VK_F20 = 131
VK_F21 = 132
VK_F22 = 133
VK_F23 = 134
VK_F24 = 135
VK_NUMLOCK = 144
VK_SCROLL = 145
VK_LSHIFT = 160
VK_LCONTROL = 162
VK_LMENU = 164
VK_RSHIFT = 161
VK_RCONTROL = 163
VK_RMENU = 165


--shellExecute show defines:
SW_HIDE = 0;
SW_MAXIMIZE = 3;
SW_MINIMIZE = 6;
SW_NORMAL = 1;
SW_RESTORE = 9;
SW_SHOW = 5;
SW_SHOWDEFAULT = 10;
SW_SHOWMAXIMIZED = 3;
SW_SHOWMINIMIZED = 2;
SW_SHOWMINNOACTIVE = 7;
SW_SHOWNA = 8;
SW_SHOWNOACTIVATE = 4;
SW_SHOWNORMAL = 1;


--Pixelformat
pfDevice = 0
pf1bit = 1
pf4bit = 2
pf8bit = 3
pf15bit = 4
pf16bit = 5
pf24bit = 6
pf32bit = 7
pfCustom = 8

--Disassembler value type
dvtNone = 0
dvtAddress = 1
dvtValue = 2

--Dissectcode
jtCall = 0
jtUnconditional = 1
jtConditional = 2
jtMemory = 3

--RegisterSymbolLookupCallback
slStart = 0 --The very start of a symbol lookup. Before tokenization
slNotInt = 1 --Called when it has been determined it's not a hexadecimal only string. Before tokenization
slNotModule = 2 --Called when it has been determined the current token is not a modulename
slNotUserdefinedSymbol = 3 --Called when it has been determined it's not a userdefined symbol
slNotSymbol = 4 --Called when it has been determined it's not a symbol in the symbollist
slFailure = 5 --Called when it has no clue what the given string is

poDesigned = 0
poDefault = 1
poDefaultPosOnly = 2
poDefaultSizeOnly = 3
poScreenCenter = 4
poDesktopCenter = 5
poMainFormCenter = 6
poOwnerFormCenter = 7

asrTop = 0
asrBottom = 1
asrCenter = 2
asrLeft = asrTop
asrRight = asrBottom

vsIcon = 0
vsSmallIcon = 1
vsList = 2
vsReport = 3

LWA_COLORKEY = 1
LWA_ALPHA = 2

GW_HWNDFIRST = 0
GW_HWNDLAST = 1
GW_HWNDNEXT = 2
GW_HWNDPREV = 3
GW_HWNDOWNER = 4
GW_CHILD = 5;
GW_ENABLEDPOPUP = 6;

mrhToggleActivation=0
mrhToggleActivationAllowIncrease=1
mrhToggleActivationAllowDecrease=2
mrhActivate=3
mrhDeactivate=4
mrhSetValue=5
mrhIncreaseValue=6
mrhDecreaseValue=7

MOUSEEVENTF_MOVE      =0x0001
MOUSEEVENTF_LEFTDOWN  =0x0002
MOUSEEVENTF_LEFTUP    =0x0004
MOUSEEVENTF_RIGHTDOWN =0x0008
MOUSEEVENTF_RIGHTUP   =0x0010
MOUSEEVENTF_MIDDLEDOWN=0x0020
MOUSEEVENTF_MIDDLEUP  =0x0040
MOUSEEVENTF_XDOWN     =0x0080
MOUSEEVENTF_XUP       =0x0100
MOUSEEVENTF_WHEEL     =0x0800
MOUSEEVENTF_HWHEEL    =0x1000
MOUSEEVENTF_ABSOLUTE  =0x8000

--text to speech "Speak" params
SPF_DEFAULT	= 0
SPF_ASYNC	= ( 1 << 0 )
SPF_PURGEBEFORESPEAK	= ( 1 << 1 )
SPF_IS_FILENAME	= ( 1 << 2 )
SPF_IS_XML	= ( 1 << 3 )
SPF_IS_NOT_XML	= ( 1 << 4 )
SPF_PERSIST_XML	= ( 1 << 5 )
SPF_NLP_SPEAK_PUNC	= ( 1 << 6 )
SPF_PARSE_SAPI	= ( 1 << 7 )
SPF_PARSE_SSML	= ( 1 << 8 )
SPF_PARSE_AUTODETECT	= 0

wrSignaled=0
wrTimeout=1
wrAbandoned=2
wrError=3closecreateTimerUDF2Shittimer_setIntervald       timer_onTimerPutgetCheatEngineDirLenstringlen
       sub        osremoveCET_Archive.datFormcreateFormLabelcreateLabelHeight       Widthґ       BorderStyle
bsToolWindowCaptionHeroes trainer +1	PositionpoDesktopCenter	ActivatedecodeFunctionя      c-pN{%TC*s6debPq.6SMuql:3M36Qn1SYnVI3R=bR{,#nZ4iNiaOGedrP!Iq4?e;+nN7RsvcJ$;e{a5Xf1[hVUuqX!@h)F}[{)-2nYr]0;8X3+)Wg0Pk*dOBEH;)bpOL)jC[oYNkbnZwMUqT^m.]*N3bOCVZlvocKn6:UlwSoB[y_B]8Z5h{fIOwZH5CD0BoNUgK!sYV2$p:Jl;*6#O=^#zIyuz(RG?nbe87/Z(?+@I*7UWRh]R8Vvo{[/deIY3#pPA]MO=cWC,nR}-;lU+r(#GV+iN=*uNFtzM#6a0ac%o+$cpiOQQbyI,=sZ^im$xk%KBzyC+?hSjc(z0*Py58$F*6UrJgEnHQ8.;Q^^rvI8V1HdA5=jbamz3-lTiJt2PJgsYC+8o@:_-t.*]7D}F2.tE69R6QP/PT@JdoTvsqVsdwXEA@*/.CP)Gt,S{5kwLET{=4.TSr??Q$-Th_!L_00ed!^wy71Q+3:Oz3K+;O_MsN.F,=)pgR2M1gWYwMb6)$54D:6EO_$d?4DVi[U/B0l8Bpq?jpfELo@h3BAHfIJEsc]ncqk_jh8;RA,$BFtpyc)6JPO9/x4$K.?j%23F[DhK5)L{;o_O{I4]]TmH8rP,HV1v7t7X8FOFsOb%9Q8IWg%iuEzXAXi^(Ia3:Q#{^Uj-y+WQ;UYjYxf6dbkxAMrMe4M75AJ_bzou5Gxg+t[6F]6OgI5p#?5gJj.q[w+y;@Pw#zbM,GIx9hPu.VBlvN6@E1C0_07{q5B}cm)szz5d:WZ2+0s=I._;05_DV1765jyoNXyILeft              Topc       (F10 - Бес. личный составParentColorFalsesetOnClosecloseCEsleep
form_show
createHotkeyVK_F10         ‡  Љ    	    @ @@ AЂ  $@  @ @@ AА  $@ & Ђ    osremoveCET_TRAINER.CETRAINERdefines.lua                      Є  ±   "   F @ Ѓ@  d@ FЂ@ GАА G Б dЂЂ @Б @ЂFЂA Ѓ@  dЂ _АБ  ЂFЂ@ GАА G В Ѓ@ d@ FЂB ЃА d@ АЂFЂ@ GАА G В Ѓ@ d@ FЂB Ѓ  d@ F@C d@Ђ & Ђ    openProcess
RelicCOH.exeLabelFont	getColor        readInteger 	setColorя       	Activate               beep      

 

 

  Показать контент


LuaS “

xV           (w@           l   @ Ђl@  @ЂЂА@Ѓ A АЂF @ ‹  Б@ Ѓ AБ Ѓ «@ d@ А@Ѓ@B ЂЂF@@ ‹ ЂБЂ Б A «@Ђd@ & Ђ 
   onoffaз2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay       WW2Mod.dll'48 63 40 3C 48 8D 04 03 48 8B 40 60 90-8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11!48 85 C0 74 0A 8B 0D 41 F2 A5 00                        	   F @ †@@ ‡Ђ@БА  A GAA ¤  d@  & Ђ    
autoAssemblestringformatFaobscanmodule(count, %s, %s)
registersymbol(count)
count:
xor esi,esi                                           	   F @ †@@ ‡Ђ@БА  A GAA ¤  d@  & Ђ    
autoAssemblestringformat-count:
mov esi,[edx]
unregistersymbol(count)   

 

в тхт оно лучше выглядит xD

 

После расшифровки скрипта который выше

Спойлер

function on(A0_1)
  local L1_2
  L1_2 = autoAssemble
  L1_2(string.format([[
aobscanmodule(count, %s, %s)
registersymbol(count)
count:
xor esi,esi]], A0_1[1], A0_1[3]))
end
function off(A0_3)
  local L1_4
  L1_4 = autoAssemble
  L1_4(string.format([[
count:
mov esi,[edx]
unregistersymbol(count)]], A0_3[1], A0_3[3]))
end
a = "2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay"
if A0_0 == 1 then
  on({
    "WW2Mod.dll",
    "48 63 40 3C 48 8D 04 03 48 8B 40 60 90",
    "8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11",
    "48 85 C0 74 0A 8B 0D 41 F2 A5 00"
  })
end
a = "2r/$5eBu4c8#*AN!dvy(IRRilHH2sBEbK)RV9!FBxd/%f_Rtrr}q)8!U8a=0Z2,dX*o}uq$.:E?+umH/VErXd4Z)62Ouf$I+C;L)=2uaA9^Kk-Oz7)E7wte^pSzVkJaLn.+%%0:gRKq;E?*M6oB^)^-Ydz4F7xvf1fDI^o)zIV!u97PL)(xD[HjCzM#yM]?+O9sK38IJULO]e^CwSlmq3^llubkCoQ0r!l81ay"
if A0_0 == 0 then
  off({
    "48 63 40 3C 48 8D 04 03 48 8B 40 60 90",
    "8B 32 89 30 8B 72 04 8B 52 08 89 50 08 8B 11",
    "48 85 C0 74 0A 8B 0D 41 F2 A5 00"
  })
end

 

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты
6 часов назад, Antonshka сказал:

Друг

Ребят, надоело уже Вас всех ставить в "В угол"  и править за Вас пост.

Так что - пред. 

 

Поделиться сообщением


Ссылка на сообщение
Поделиться на другие сайты

Для публикации сообщений создайте учётную запись или авторизуйтесь

Вы должны быть пользователем, чтобы оставить комментарий

Создать учетную запись

Зарегистрируйте новую учётную запись в нашем сообществе. Это очень просто!

Регистрация нового пользователя

Войти

Уже есть аккаунт? Войти в систему.

Войти
Авторизация  

×

Важная информация

Находясь на нашем сайте, Вы автоматически соглашаетесь соблюдать наши Условия использования.